Skip the port check for pre-configured "tls-alpn-01" challenge

When the challenge "tls-alpn-01" is pre-configured with MDCAChallenges, mod_md should not check any ports and just set up the challenge. This is a follow-up to icing#133
tlhackque · Nov 6, 2019 · 20a8ec0 · 20a8ec0
1 parent 77e2438
commit 20a8ec0
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/src/mod_md.c b/src/mod_md.c
@@ -438,18 +438,25 @@ static server_rec *get_public_https_server(md_t *md, const char *domain, server_
     server_rec *s;
     request_rec r;
     int i;
+    int skip_port_check = 0;
 
     sc = md_config_get(base_server);
     mc = sc->mc;
     memset(&r, 0, sizeof(r));
-
-    if (!mc->can_https) return NULL;
+
+    if (md->ca_challenges && md->ca_challenges->nelts > 0) {
+        /* skip the port check if "tls-alpn-01" is pre-configured */
+        skip_port_check = md_array_str_index(md->ca_challenges, MD_AUTHZ_TYPE_TLSALPN01, 0, 0) >= 0;
+    }
+
+    if (!skip_port_check && !mc->can_https) return NULL;
+
     /* find an ssl server matching domain from MD */
     for (s = base_server; s; s = s->next) {
         sc = md_config_get(s);
         if (!sc || !sc->is_ssl || !sc->assigned) continue;
         if (base_server == s && !mc->manage_base_server) continue;
-        if (base_server != s && mc->local_443 > 0 && !uses_port(s, mc->local_443)) continue;
+        if (base_server != s && !skip_port_check && mc->local_443 > 0 && !uses_port(s, mc->local_443)) continue;
         for (i = 0; i < sc->assigned->nelts; ++i) {
             if (md == APR_ARRAY_IDX(sc->assigned, i, md_t*)) {
                 r.server = s;